CVE-2023-3xxx

There are 927 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2023-3000 SQLi in Erikoglu Technology's ErMon
CVE-2023-3001 A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that coul...
CVE-2023-3003 SourceCodester Train Station Ticketing System GET Parameter manage_prices.php sql injection
E
CVE-2023-3004 SourceCodester Simple Chat System POST Parameter sql injection
E
CVE-2023-3005 SourceCodester Local Service Search Engine Management System POST Parameter cross site scripting
E
CVE-2023-3006 A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, bec...
S
CVE-2023-3007 ningzichun Student Management System Password Reset resetPassword.php password recovery
E
CVE-2023-3008 ningzichun Student Management System login.php sql injection
E
CVE-2023-3009 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
E S
CVE-2023-3010 Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, ve...
CVE-2023-3011 The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and...
S
CVE-2023-3012 NULL Pointer Dereference in gpac/gpac
E S
CVE-2023-3013 Unchecked Return Value in gpac/gpac
E S
CVE-2023-3014 BeipyVideoResolution admincore.php cross site scripting
E
CVE-2023-3015 yiwent Vip Video Analysis title.php server-side request forgery
E
CVE-2023-3016 yiwent Vip Video Analysis admincore.php cross site scripting
E
CVE-2023-3017 SourceCodester Lost and Found Information System Manage User Page cross site scripting
E
CVE-2023-3018 SourceCodester Lost and Found Information System access control
E
CVE-2023-3019 Qemu: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
S
CVE-2023-3020 Cross-site Scripting (XSS) - Reflected in mkucej/i-librarian-free
E S
CVE-2023-3021 Cross-site Scripting (XSS) - Stored in mkucej/i-librarian-free
E S
CVE-2023-3022 A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in...
S
CVE-2023-3023 The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ par...
S
CVE-2023-3024 Bluetooth LE segmented 'prepare write response' packet may lead to out-of-bounds memory access
CVE-2023-3025 The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versio...
S
CVE-2023-3026 Cross-site Scripting (XSS) - Stored in jgraph/drawio
S
CVE-2023-3027 The grc-policy-propagator allows security escalation within the cluster. The propagator allows polic...
CVE-2023-3028 Improper backend communication allows access and manipulation of the telemetry data
CVE-2023-3029 Guangdong Pythagorean OA Office System delete cross-site request forgery
E
CVE-2023-3031 PrestaShop module King-Avis - Path traversal
E
CVE-2023-3032 Mobatime web application - Arbitrary file upload (RCE)
E
CVE-2023-3033 Mobatime web application - broken authorisation mechanisms
E
CVE-2023-3034 Reflected XSS in BKG Ntrip Professional Caster version <=2.0.44
S
CVE-2023-3035 Guangdong Pythagorean OA Office System Schedule cross site scripting
E
CVE-2023-3036 Out of Bounds Slice index in cfnts leads to remote panic
S
CVE-2023-3037 HelpDezk Community improper authorization
CVE-2023-3038 HelpDezk Community improper authorization
CVE-2023-3039 SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-p...
CVE-2023-3040 Out of Bounds Access Leading to Undefined Behavior
S
CVE-2023-3041 Autochat <= 1.1.7- Unauthenticated Stored XSS
E
CVE-2023-3042 CNA SHORTNAME: dotCMSORG UUID: 5b9d93f2-25c7-46b4-ab60-d201718c9dd8
CVE-2023-3043 Stack-based Buffer Overflow BMC
CVE-2023-3044 Divide-by-zero in Xpdf 4.04 due to very large page size
E
CVE-2023-3045 SQLi in Tise Technology's Parking Web Report
CVE-2023-3046 SQLi in Biltay Technology's Scienta
CVE-2023-3047 SQLi in TMT's Lockcell
E S
CVE-2023-3048 IDOR in TMT's Lockcell
E S
CVE-2023-3049 File Upload in TMT's Lockcell
E S
CVE-2023-3050 Authentication Bypass in TMT's Lockcell
E S
CVE-2023-3051 The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh...
S
CVE-2023-3052 The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versio...
S
CVE-2023-3053 The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data du...
S
CVE-2023-3055 The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versio...
S
CVE-2023-3056 YFCMF index.php path traversal
E
CVE-2023-3057 YFCMF Ajax.php path traversal
E
CVE-2023-3058 07FLY CRM User Profile cross site scripting
E
CVE-2023-3059 SourceCodester Online Exam Form Submission update_s6.php sql injection
E
CVE-2023-3060 code-projects Agro-School Management System btn_functions.php doAddQuestion cross site scripting
E
CVE-2023-3061 code-projects Agro-School Management System Attachment Image btn_functions.php unrestricted upload
E
CVE-2023-3062 code-projects Agro-School Management System index.php sql injection
E
CVE-2023-3063 The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object Refer...
S
CVE-2023-3064 Mobatime mobile application - Sensitive information disclosure
E
CVE-2023-3065 Mobatime mobile application - Authentication bypass
E
CVE-2023-3066 Mobatime mobile application - Broken authorisation
E
CVE-2023-3067 Cross-site Scripting (XSS) - Stored in zadam/trilium
E S
CVE-2023-3068 Campcodes Retro Cellphone Online Store modal_add_product.php sql injection
E
CVE-2023-3069 Unverified Password Change in tsolucio/corebos
E S
CVE-2023-3070 Cross-site Scripting (XSS) - Stored in tsolucio/corebos
E S
CVE-2023-3071 Cross-site Scripting (XSS) - Stored in tsolucio/corebos
E S
CVE-2023-3072 Nomad ACL Policies without Label are Applied to Unexpected Resources
CVE-2023-3073 Cross-site Scripting (XSS) - Stored in tsolucio/corebos
E S
CVE-2023-3074 Cross-site Scripting (XSS) - Stored in tsolucio/corebos
E S
CVE-2023-3075 Cross-Site Request Forgery (CSRF) in tsolucio/corebos
E S
CVE-2023-3076 MStore API < 3.9.9 - Unauthenticated Privilege Escalation
E
CVE-2023-3077 MStore API < 3.9.8 - Unauthenticated Blind SQLi
E
CVE-2023-3078 An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) t...
S
CVE-2023-3079 Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potential...
KEV E
CVE-2023-3080 The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email s...
S
CVE-2023-3081 The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email cont...
S
CVE-2023-3082 The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents i...
S
CVE-2023-3083 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
E S
CVE-2023-3084 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
E S
CVE-2023-3085 X-WRT luci 404 Error Template dispatcher.uc run_action cross site scripting
S
CVE-2023-3086 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
E S
CVE-2023-3087 The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subjec...
S
CVE-2023-3088 The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents...
S
CVE-2023-3089 Ocp & fips mode
M
CVE-2023-3090 Out-of-bounds write in Linux kernel's ipvlan network driver
E S
CVE-2023-3091 Captura CRYPTBASE.dll uncontrolled search path
CVE-2023-3092 The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject...
CVE-2023-3093 The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in ...
S
CVE-2023-3094 code-projects Agro-School Management System btn_functions.php doUpdateQuestion sql injection
E
CVE-2023-3095 Improper Access Control in nilsteampassnet/teampass
E S
CVE-2023-3096 KylinSoft kylin-software-properties changedSource access control
E
CVE-2023-3097 KylinSoft kylin-software-properties setMainSource os command injection
E
CVE-2023-3098 KylinSoft youker-assistant restore_all_sound_file path traversal
E
CVE-2023-3099 KylinSoft youker-assistant Arbitrary File dbus.SystemBus delete_file access control
E
CVE-2023-3100 IBOS del actionDel sql injection
E
CVE-2023-3102 Insertion of Sensitive Information Into Sent Data in GitLab
E S
CVE-2023-3103 Authentication Bypass by Spoofing in Unitree Robotics A1
S
CVE-2023-3104 Missing Authentication for Critical Function in Unitree Robotics A1
S
CVE-2023-3105 The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in version...
CVE-2023-3106 Kernel: netlink socket crash (null pointer deref) in netlink_dump function
S
CVE-2023-3107 Remote denial of service in IPv6 fragment reassembly
M
CVE-2023-3108 Kernel: a race condition in crypto module in the function skcipher_recvmsg
S
CVE-2023-3109 Cross-site Scripting (XSS) - Stored in admidio/admidio
E S
CVE-2023-3110 Buffer overflow in S0 Decryption on Unify Gateway
CVE-2023-3111 A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in...
CVE-2023-3112 A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could ...
S
CVE-2023-3113 An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Informa...
S
CVE-2023-3114 Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool
CVE-2023-3115 Incorrect User Management in GitLab
E S
CVE-2023-3116 Liteos-A has an incorrect default permissions vulnerability
CVE-2023-3117 Rejected reason: Duplicate of CVE-2023-3390....
R
CVE-2023-3118 Export All URLs < 4.6 - Reflected XSS
E
CVE-2023-3119 SourceCodester Service Provider Management System view.php sql injection
E
CVE-2023-3120 SourceCodester Service Provider Management System view_service.php sql injection
E
CVE-2023-3121 Dahua Smart Parking Management image server-side request forgery
E
CVE-2023-3122 The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email conten...
S
CVE-2023-3123 Rejected reason: Duplicate Assignment....
R
CVE-2023-3124 The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a miss...
E
CVE-2023-3125 The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing...
E
CVE-2023-3126 The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capab...
E
CVE-2023-3127 Improper Authentication in iSTAR
S
CVE-2023-3128 Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email f...
CVE-2023-3129 URL Shortify < 1.7.0 - Admin+ Cross Site Scripting
E
CVE-2023-3130 Short URL < 1.6.5 - Admin+ Cross Site Scripting
E
CVE-2023-3131 MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update
E
CVE-2023-3132 The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up...
S
CVE-2023-3133 Tutor LMS < 2.2.1 - Unauthenticated Access to Tutor LMS Lesson Resources via REST API
E S
CVE-2023-3134 Forminator < 1.24.4 - Reflected XSS
E
CVE-2023-3135 The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email...
S
CVE-2023-3136 The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subj...
S
CVE-2023-3138 A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c...
S
CVE-2023-3139 Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
E S
CVE-2023-3140 KNIME Hub Web Application is vulnerable to clickjacking
S
CVE-2023-3141 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in th...
CVE-2023-3142 Cross-site Scripting (XSS) - Stored in microweber/microweber
E S
CVE-2023-3143 SourceCodester Online Discussion Forum Site manage_post.php cross site scripting
E
CVE-2023-3144 SourceCodester Online Discussion Forum Site manage_post.php cross site scripting
E
CVE-2023-3145 SourceCodester Online Discussion Forum Site sql injection
E
CVE-2023-3146 SourceCodester Online Discussion Forum Site manage_category.php sql injection
E
CVE-2023-3147 SourceCodester Online Discussion Forum Site view_category.php sql injection
E
CVE-2023-3148 SourceCodester Online Discussion Forum Site manage_post.php sql injection
E
CVE-2023-3149 SourceCodester Online Discussion Forum Site manage_user.php sql injection
E
CVE-2023-3150 SourceCodester Online Discussion Forum Site manage_post.php sql injection
E
CVE-2023-3151 SourceCodester Online Discussion Forum Site manage_user.php sql injection
E
CVE-2023-3152 SourceCodester Online Discussion Forum Site view_post.php sql injection
E
CVE-2023-3153 Service monitor mac flow is not rate limited
S
CVE-2023-3154 NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization
E
CVE-2023-3155 NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete
E
CVE-2023-3158 The Mail Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subj...
S
CVE-2023-3159 A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linu...
S
CVE-2023-3160 Local privilege escalation in security products for Windows
CVE-2023-3161 A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width ...
S
CVE-2023-3162 The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypas...
S
CVE-2023-3163 y_project RuoYi filterKeyword resource consumption
E
CVE-2023-3164 Heap-buffer-overflow in extractimagesection()
CVE-2023-3165 SourceCodester Life Insurance Management System POST Parameter insertNominee.php cross site scripting
E
CVE-2023-3166 The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email...
S
CVE-2023-3167 The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subjec...
CVE-2023-3168 The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email ...
S
CVE-2023-3169 tagDiv Composer < 4.2 - Unauthenticated Stored XSS
E
CVE-2023-3170 tagDiv Composer < 4.2 - Admin+ Stored XSS
E
CVE-2023-3171 Eap-7: heap exhaustion via deserialization
CVE-2023-3172 Path Traversal in froxlor/froxlor
E S
CVE-2023-3173 Improper Restriction of Excessive Authentication Attempts in froxlor/froxlor
E S
CVE-2023-3175 AI ChatBot < 4.6.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-3176 SourceCodester Lost and Found Information System manage_user.php sql injection
E
CVE-2023-3177 SourceCodester Lost and Found Information System view_inquiry.php sql injection
E
CVE-2023-3178 POST SMTP Mailer < 2.5.7 - Arbitrary Log Deletion via CSRF
E
CVE-2023-3179 POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF
E
CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()
S
CVE-2023-3181 Insecure Permissions in Splashtop Software Updater
CVE-2023-3182 Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS
E
CVE-2023-3183 SourceCodester Performance Indicator System addproduct.php cross site scripting
E
CVE-2023-3184 SourceCodester Sales Tracker Management System cross site scripting
E
CVE-2023-3185 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3186 Supsystic Popup < 1.10.19 - Prototype Pollution
E
CVE-2023-3187 PHPGurukul Teachers Record Management System Profile Picture changeimage.php unrestricted upload
E
CVE-2023-3188 Server-Side Request Forgery (SSRF) in owncast/owncast
E S
CVE-2023-3189 SourceCodester Online School Fees System POST Parameter branch.php cross site scripting
E
CVE-2023-3190 Improper Encoding or Escaping of Output in nilsteampassnet/teampass
E S
CVE-2023-3191 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
E S
CVE-2023-3192 Session Fixation in froxlor/froxlor
E S
CVE-2023-3193 Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal ...
S
CVE-2023-3195 A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an at...
E S
CVE-2023-3196 Multiple vulnerabilities in Canopsis of Capensis
S
CVE-2023-3197 The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id...
S
CVE-2023-3198 The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce...
S
CVE-2023-3199 The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce...
S
CVE-2023-3200 The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce...
S
CVE-2023-3201 The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce...
S
CVE-2023-3202 The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce...
S
CVE-2023-3203 The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce...
S
CVE-2023-3204 Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update
S
CVE-2023-3205 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-3206 Chengdu VEC40G denial of service
E
CVE-2023-3207 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-31237. Reason: ...
R
CVE-2023-3208 RoadFlow Visual Process Engine .NET Core Mvc Login sql injection
E
CVE-2023-3209 MStore API < 3.9.7 - Settings Update via CSRF
E
CVE-2023-3210 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-3211 WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection
E
CVE-2023-3212 A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on...
S
CVE-2023-3213 The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a miss...
CVE-2023-3214 Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attack...
CVE-2023-3215 Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to poten...
CVE-2023-3216 Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potential...
CVE-2023-3217 Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potent...
CVE-2023-3218 Race Condition within a Thread in it-novum/openitcockpit
E S
CVE-2023-3219 EventON < 2.1.2 - Unauthenticated Post Access via IDOR
E
CVE-2023-3220 An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/dr...
S
CVE-2023-3221 User enumeration vulnerability in Roundcube Password Recovery Plugin
CVE-2023-3222 Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin
CVE-2023-3223 Undertow: outofmemoryerror due to @multipartconfig handling
CVE-2023-3224 Code Injection in nuxt/nuxt
E S
CVE-2023-3225 Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-3226 Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-3227 Insufficient Granularity of Access Control in fossbilling/fossbilling
E S
CVE-2023-3228 Business Logic Errors in fossbilling/fossbilling
E S
CVE-2023-3229 Business Logic Errors in fossbilling/fossbilling
E S
CVE-2023-3230 Missing Authorization in fossbilling/fossbilling
E S
CVE-2023-3231 UJCMS ZIP Package information disclosure
E
CVE-2023-3232 Zhong Bang CRMEB Image Upload app_auth deserialization
E
CVE-2023-3233 Zhong Bang CRMEB PublicController.php get_image_base64 server-side request forgery
E
CVE-2023-3234 Zhong Bang CRMEB PublicController.php put_image deserialization
E
CVE-2023-3235 mccms Comic.php pic_api server-side request forgery
E
CVE-2023-3236 mccms Comic.php pic_save server-side request forgery
E
CVE-2023-3237 OTCMS hard-coded password
E
CVE-2023-3238 OTCMS server-side request forgery
E
CVE-2023-3239 OTCMS path traversal
E
CVE-2023-3240 OTCMS usersNews_deal.php path traversal
E
CVE-2023-3241 OTCMS path traversal
E
CVE-2023-3242 Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Ru...
CVE-2023-3243 ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to c...
CVE-2023-3244 The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data du...
CVE-2023-3245 Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-3246 Allocation of Resources Without Limits or Throttling in GitLab
E S
CVE-2023-3247 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
S
CVE-2023-3248 All-in-one Floating Contact Form < 2.1.2 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-3249 The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authenticati...
S
CVE-2023-3251 Pass-back vulnerability in Nessus
S
CVE-2023-3252 Arbitrary File Write
S
CVE-2023-3253 Improper authorization in Nessus
S
CVE-2023-3254 The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in v...
S
CVE-2023-3255 Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
S
CVE-2023-3256 Advantech R-SeeNet External Control of File Name or Path
S
CVE-2023-3259 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentic...
CVE-2023-3260 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command i...
CVE-2023-3261 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow...
CVE-2023-3262 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credential...
CVE-2023-3263 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentic...
CVE-2023-3264 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credential...
CVE-2023-3265 An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-char...
CVE-2023-3266 A non-feature complete authentication mechanism exists in the production application allowing an att...
CVE-2023-3267 When adding a remote backup location, an authenticated user can pass arbitrary OS commands through t...
CVE-2023-3268 An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos...
S
CVE-2023-3269 Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
S
CVE-2023-3270 Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unaut...
M
CVE-2023-3271 Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gath...
S
CVE-2023-3272 Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacke...
M
CVE-2023-3273 Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affe...
M
CVE-2023-3274 code-projects Supplier Management System Picture btn_functions.php unrestricted upload
E
CVE-2023-3275 PHPGurukul Rail Pass Management System POST Request view-pass-detail.php sql injection
CVE-2023-3276 Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference
E
CVE-2023-3277 The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escal...
CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
E
CVE-2023-3280 Cortex XDR Agent: Local Windows User Can Disable the Agent
S
CVE-2023-3282 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine
S
CVE-2023-3285 A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0
CVE-2023-3286 A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0
CVE-2023-3287 A BOLA vulnerability in POST /admins in EasyAppointments < 1.5.0
CVE-2023-3288 A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0
CVE-2023-3289 A BOLA vulnerability in POST /services in EasyAppointments < 1.5.0
CVE-2023-3290 A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0
CVE-2023-3291 Heap-based Buffer Overflow in gpac/gpac
E S
CVE-2023-3292 Grid Kit Premium < 2.2.0 - Multiple Reflected Cross-Site Scripting
E
CVE-2023-3293 Cross-site Scripting (XSS) - Stored in salesagility/suitecrm-core
E S
CVE-2023-3294 Cross-site Scripting (XSS) - DOM in saleor/react-storefront
E S
CVE-2023-3295 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload
CVE-2023-3297 In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerabilit...
E
CVE-2023-3299 Nomad Caller ACL Token's Secret ID is Exposed to Sentinel
CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins
CVE-2023-3301 Triggerable assertion due to race condition in hot-unplug
S
CVE-2023-3302 Improper Neutralization of Formula Elements in a CSV File in admidio/admidio
E S
CVE-2023-3303 Improper Access Control in admidio/admidio
E S
CVE-2023-3304 Improper Access Control in admidio/admidio
E S
CVE-2023-3305 C-DATA Web Management System User Creation access control
E
CVE-2023-3306 Ruijie RG-EW1200G Admin Password app.09df2a9e44ab48766f5f.js access control
E
CVE-2023-3307 miniCal sql injection
E
CVE-2023-3308 whaleal IceFrog Aviator Template Engine deserialization
E
CVE-2023-3309 SourceCodester Resort Reservation System Manage Room Page ?page=rooms cross site scripting
E
CVE-2023-3310 code-projects Agro-School Management System loaddata.php sql injection
E
CVE-2023-3311 PuneethReddyHC online-shopping-system-advanced addsuppliers.php cross site scripting
E
CVE-2023-3312 A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Ker...
CVE-2023-3313 An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutral...
CVE-2023-3314 A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s)...
CVE-2023-3315 Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Over...
CVE-2023-3316 A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
E S
CVE-2023-3317 A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/...
CVE-2023-3318 SourceCodester Resort Management System cross site scripting
E
CVE-2023-3319 XSS in iDisplays PlatPlay DS
CVE-2023-3320 The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions u...
E S
CVE-2023-3321 Code Execution through Writable Mosquitto Configuration File
M
CVE-2023-3322 Code Execution through overwriting service executable in utilities directory
M
CVE-2023-3323 Code Execution through overwriting project file on zenon engineering studio system
M
CVE-2023-3324 Insecure deserialization in zenon internal DLLs
M
CVE-2023-3325 The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an in...
S
CVE-2023-3326 Network authentication attack via pam_krb5
M
CVE-2023-3327 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidat...
R
CVE-2023-3328 Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS
E
CVE-2023-3329 CVE-2023-3329
CVE-2023-3330 Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm W...
M
CVE-2023-3331 Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm A...
M
CVE-2023-3332 Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm A...
M
CVE-2023-3333 Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation A...
M
CVE-2023-3335 Information Exposure Vulnerability in Hitachi Ops Center Administrator
CVE-2023-3336 TN-5900 Series User Enumeration Vulnerability
S
CVE-2023-3337 PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php improper authentication
CVE-2023-3338 Crash due to a null pointer dereference in the dn_nsp_send function
E
CVE-2023-3339 code-projects Agro-School Management System exam-delete.php sql injection
E
CVE-2023-3340 SourceCodester Online School Fees System GET Parameter ajx.php sql injection
E
CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
S
CVE-2023-3342 The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcode...
E S
CVE-2023-3343 The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, ...
S
CVE-2023-3344 Auto Location for WP Job Manager via Google < 1.1 - Admin+ Cross Site Scripting
E
CVE-2023-3345 LMS by Masteriyo < 1.6.8 - Information Exposure
E
CVE-2023-3346 Denial of Service (DoS) and Remote Code Execution Vulnerability in MITSUBISHI CNC Series
CVE-2023-3347 Samba: smb2 packet signing is not enforced when "server signing = required" is set
CVE-2023-3348 Directory traversal vulnerability in Cloudflare Wrangler
S
CVE-2023-3349 Information exposure on IBERMATICA RPS
CVE-2023-3350 Cryptographic Issues on IBERMATICA RPS
CVE-2023-3351 Rejected reason: Wrong year requested....
R
CVE-2023-3352 Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion
CVE-2023-3353 Rejected reason: ** REJECT ** Developer patched two issues with a single patch, so only one CVE is n...
R
CVE-2023-3354 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
S
CVE-2023-3355 Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c
S
CVE-2023-3356 Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS
E
CVE-2023-3357 A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This fla...
S
CVE-2023-3358 A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This ...
S
CVE-2023-3359 An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks fo...
S
CVE-2023-3361 S3 credentials included when exporting elyra notebook
CVE-2023-3362 Generation of Error Message Containing Sensitive Information in GitLab
S
CVE-2023-3363 Insertion of Sensitive Information into Log File in GitLab
S
CVE-2023-3364 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-3365 MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion
E
CVE-2023-3366 MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF
E
CVE-2023-3368 Chamilo LMS Unauthenticated Command Injection
E S
CVE-2023-3369 The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin...
S
CVE-2023-3370 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-3371 The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to ha...
S
CVE-2023-3372 Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
E
CVE-2023-3373 Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT200...
CVE-2023-3374 Privilege Escalation in Bookreen
CVE-2023-3375 Unrestricted File Upload in Bookreen
CVE-2023-3376 SQLi in Digital Strategy's Zekiweb
CVE-2023-3377 SQLi in Veribilim's Veribase
CVE-2023-3378 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3379 WAGO: Improper Privilege Management in web-based management
CVE-2023-3380 Wavlink WN579X3 Ping Test adm.cgi injection
E
CVE-2023-3381 SourceCodester Online School Fees System GET Parameter datatable.php cross site scripting
E
CVE-2023-3382 SourceCodester Game Result Matrix System GET Parameter save-delegates.php cross site scripting
E
CVE-2023-3383 SourceCodester Game Result Matrix System GET Parameter athlete-profile.php sql injection
E
CVE-2023-3384 Quay: stored cross site scripting
CVE-2023-3385 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
E S
CVE-2023-3386 SQLi in a2 Camera Trap Tracking System
CVE-2023-3387 The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'la...
S
CVE-2023-3388 The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via t...
S
CVE-2023-3389 Use after free in io_uring in the Linux Kernel
S
CVE-2023-3390 Use-after-free in Linux kernel's netfilter subsystem
S
CVE-2023-3391 SourceCodester Human Resource Management System detailview.php sql injection
E
CVE-2023-3392 Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection
E
CVE-2023-3393 Code Injection in fossbilling/fossbilling
E S
CVE-2023-3394 Session Fixation in fossbilling/fossbilling
E S
CVE-2023-3395 All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. ...
M
CVE-2023-3396 Campcodes Retro Cellphone Online Store index.php sql injection
E
CVE-2023-3397 Kernel: slab-use-after-free write in txend due to race condition
S
CVE-2023-3398 Denial of Service in jgraph/drawio
E S
CVE-2023-3399 Insertion of Sensitive Information Into Sent Data in GitLab
E S
CVE-2023-3401 Improper Control of Generation of Code ('Code Injection') in GitLab
E S
CVE-2023-3402 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3403 The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a mis...
S
CVE-2023-3404 The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information...
S
CVE-2023-3405 Denial of service condition in M-Files Server
S
CVE-2023-3406 Path traversal issue in M-Files Classic Web
S
CVE-2023-3407 The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, a...
S
CVE-2023-3408 Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings
CVE-2023-3409 Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings
CVE-2023-3410 Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting
CVE-2023-3411 The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vuln...
E
CVE-2023-3412 The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vuln...
CVE-2023-3413 Insertion of Sensitive Information Into Sent Data in GitLab
E S
CVE-2023-3414 Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps
CVE-2023-3416 tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection
CVE-2023-3417 Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment ...
CVE-2023-3418 Rejected reason: The issue is not in the plugin itself but the underlying chat service...
R
CVE-2023-3419 tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection
CVE-2023-3420 Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potential...
CVE-2023-3421 Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potent...
CVE-2023-3422 Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convin...
CVE-2023-3423 Weak Password Requirements in cloudexplorer-dev/cloudexplorer-lite
E S
CVE-2023-3424 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-3425 CVE-2023-3425: Out-of-Bounds memory read
S
CVE-2023-3426 The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81...
S
CVE-2023-3427 The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in version...
S
CVE-2023-3428 Imagemagick: heap-buffer-overflow in coders/tiff.c
CVE-2023-3430 Openimageio: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp
E
CVE-2023-3431 Improper Access Control in plantuml/plantuml
E S
CVE-2023-3432 Server-Side Request Forgery (SSRF) in plantuml/plantuml
E S
CVE-2023-3433 Local Denial of Service in Jami
S
CVE-2023-3434 QRC Handler without Input Validation in Jami
S
CVE-2023-3435 User Activity Log < 1.6.5 - Unauthenticated SQLi
E
CVE-2023-3436 Deadlock in Xpdf 4.04 due to PDF object stream references
CVE-2023-3437 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3438 An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Wi...
S
CVE-2023-3439 A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims t...
S
CVE-2023-3440 File and Directory Permission Vulnerability in JP1/Performance Management
CVE-2023-3441 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
E S
CVE-2023-3442 Missing Authorization in Jenkins plug-in for ServiceNow DevOps
CVE-2023-3443 Incorrect Authorization in GitLab
E S
CVE-2023-3444 Incorrect Authorization in GitLab
E S
CVE-2023-3445 Cross-site Scripting (XSS) - Stored in spinacms/spina
E S
CVE-2023-3446 Excessive time spent checking DH keys and parameters
S
CVE-2023-3447 The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injec...
S
CVE-2023-3448 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3449 IBOS OA Interview Management Export export&interviews=x actionExport sql injection
E
CVE-2023-3450 Ruijie RG-BCR860 Network Diagnostic Page os command injection
E
CVE-2023-3451 Rejected reason: Duplicate CVE. Please use CVE-2023-32297....
R
CVE-2023-3452 The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and includi...
S
CVE-2023-3453 ETIC Telecom Insecure Default Initialization of Resource
S
CVE-2023-3454 Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could al...
CVE-2023-3455 Key management vulnerability on system. Successful exploitation of this vulnerability may affect ser...
CVE-2023-3456 Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of...
CVE-2023-3457 SourceCodester Shopping Website index.php sql injection
E
CVE-2023-3458 SourceCodester Shopping Website forgot-password.php sql injection
E
CVE-2023-3459 The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modific...
S
CVE-2023-3460 Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation
E S
CVE-2023-3462 Vault's LDAP Auth Method Allows for User Enumeration
CVE-2023-3463 GE Digital CIMPLICITY Heap-based Buffer Overflow
S
CVE-2023-3464 SimplePHPscripts Classified Ads Script URL Parameter preview.php cross site scripting
S
CVE-2023-3465 SimplePHPscripts Classified Ads Script HTTP POST Request user.php cross site scripting
S
CVE-2023-3466 Reflected Cross-Site Scripting (XSS) ...
CVE-2023-3467 Privilege Escalation to root administrator (nsroot) ...
CVE-2023-3469 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
E S
CVE-2023-3470 BIG-IP FIPS HSM password vulnerability CVE-2023-3470
CVE-2023-3471 Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers...
CVE-2023-3472 Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers ...
CVE-2023-3473 Campcodes Retro Cellphone Online Store edit_product.php sql injection
E
CVE-2023-3474 SimplePHPscripts Simple Blog URL Parameter preview.php cross site scripting
CVE-2023-3475 SimplePHPscripts Event Script URL Parameter preview.php cross site scripting
CVE-2023-3476 SimplePHPscripts GuestBook Script URL Parameter preview.php cross site scripting
CVE-2023-3477 RocketSoft Rocket LMS Contact Form store cross site scripting
CVE-2023-3478 IBOS OA Add User edit&op=member actionEdit sql injection
E
CVE-2023-3479 Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
E S
CVE-2023-3481 XSS in Chrome Lab Critters
CVE-2023-3482 When Firefox is configured to block storage of all cookies, it was still possible to store data in l...
CVE-2023-3483 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3484 Incorrect Authorization in GitLab
E S
CVE-2023-3485 Insecure Default Authorization in Temporal Server
S
CVE-2023-3486 PaperCut NG Unauthenticated File Upload
CVE-2023-3487 Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access
CVE-2023-3488 Uninitialized variable in Gecko Bootloader can leak secure stack
S
CVE-2023-3489 firmwaredownload command could log servers passwords in clear text
M
CVE-2023-3490 SQL Injection in fossbilling/fossbilling
E S
CVE-2023-3491 Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling
E S
CVE-2023-3492 WP Shopping Pages <= 1.14 - Stored XSS via CSRF
E
CVE-2023-3493 Improper Neutralization of Formula Elements in a CSV File in fossbilling/fossbilling
S
CVE-2023-3494 bhyve privileged guest escape via fwctl
CVE-2023-3495 Out-of-bounds Write Vulnerability in Hitachi EH-VIEW (KeypadDesigner)
CVE-2023-3496 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse...
R
CVE-2023-3497 Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114....
CVE-2023-3499 Robo Gallery < 3.2.16 - Admin+ Stored XSS
E
CVE-2023-3500 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
E S
CVE-2023-3501 FormCraft < 1.2.7 - Admin+ Stored XSS
E
CVE-2023-3502 SourceCodester Shopping Website search-result.php sql injection
E
CVE-2023-3503 SourceCodester Shopping Website insert-product.php unrestricted upload
E
CVE-2023-3504 SmartWeb Infotech Job Board My Profile Page account unrestricted upload
CVE-2023-3505 Onest CRM Project List 2 cross site scripting
CVE-2023-3506 Active It Zone Active eCommerce CMS Create Ticket Page support_ticket cross site scripting
CVE-2023-3507 WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF
E
CVE-2023-3508 WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF
E
CVE-2023-3509 Incorrect Authorization in GitLab
E S
CVE-2023-3510 FTP Access <= 1.0 - Subscriber+ Stored XSS
E
CVE-2023-3511 Incorrect Authorization in GitLab
E S
CVE-2023-3512 Relative path traversal in Setelsa Security ConacWin CB
S
CVE-2023-3513 RazerCentralService Unsafe Deserialization Escalation of Privilege
E
CVE-2023-3514 RazerCentralService Unsafe Named Pipe Permission Escalation of Privilege Vulnerability
E
CVE-2023-3515 Open Redirect in go-gitea/gitea
E S
CVE-2023-3517 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
CVE-2023-3518 JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
CVE-2023-3519 Unauthenticated remote code execution...
KEV E
CVE-2023-3520 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in it-novum/openitcockpit
E S
CVE-2023-3521 Cross-site Scripting (XSS) - Reflected in fossbilling/fossbilling
E S
CVE-2023-3522 SQLi in a2 License Portal System
CVE-2023-3523 Out-of-bounds Read in gpac/gpac
E S
CVE-2023-3524 WPCode < 2.0.13.1 - Reflected XSS
E
CVE-2023-3525 The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due...
E
CVE-2023-3526 PHOENIX CONTACT: Cross-site Scripting vulnerability in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices
CVE-2023-3527 Avaya Call Management System CSV injection vulnerability
S
CVE-2023-3528 ThinuTech ThinuCMS category.php sql injection
CVE-2023-3529 Rotem Dynamics Rotem CRM OTP URI Interface information exposure
CVE-2023-3531 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
E S
CVE-2023-3532 Cross-site Scripting (XSS) - Stored in outline/outline
E S
CVE-2023-3533 Chamilo LMS Unauthenticated Remote Code Execution via Arbitrary File Write
E S
CVE-2023-3534 SourceCodester Shopping Website check_availability.php sql injection
E
CVE-2023-3535 SimplePHPscripts FAQ Script PHP URL Parameter preview.php cross site scripting
CVE-2023-3536 SimplePHPscripts Funeral Script PHP URL Parameter preview.php cross site scripting
CVE-2023-3537 SimplePHPscripts News Script PHP Pro URL Parameter preview.php cross site scripting
CVE-2023-3538 SimplePHPscripts Photo Gallery PHP URL Parameter preview.php cross site scripting
CVE-2023-3539 SimplePHPscripts Simple Forum PHP URL Parameter preview.php cross site scripting
CVE-2023-3540 SimplePHPscripts NewsLetter Script PHP URL Parameter preview.php cross site scripting
CVE-2023-3541 ThinuTech ThinuCMS author_posts.php cross site scripting
CVE-2023-3542 ThinuTech ThinuCMS contact.php cross site scripting
CVE-2023-3543 GZ Scripts Availability Booking Calendar PHP HTTP POST Request load.php cross site scripting
CVE-2023-3544 GZ Scripts Time Slot Booking Calendar PHP load.php cross site scripting
CVE-2023-3545 Chamilo LMS Htaccess File Upload Security Bypass
E S
CVE-2023-3547 All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF
E
CVE-2023-3548 IQ Wifi 6
S
CVE-2023-3549 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3550 Stored XSS leads to privilege escalation in MediaWiki v1.40.0
E
CVE-2023-3551 Code Injection in nilsteampassnet/teampass
E S
CVE-2023-3552 Improper Encoding or Escaping of Output in nilsteampassnet/teampass
E S
CVE-2023-3553 Exposure of Sensitive Information to an Unauthorized Actor in nilsteampassnet/teampass
E S
CVE-2023-3554 GZ Scripts GZ Forum Script preview.php cross site scripting
CVE-2023-3555 GZ Scripts PHP Vacation Rental Script preview.php cross site scripting
CVE-2023-3556 GZ Scripts Car Listing Script PHP preview.php cross site scripting
CVE-2023-3557 GZ Scripts Property Listing Script preview.php cross site scripting
CVE-2023-3558 GZ Scripts Event Booking Calendar load.php cross site scripting
CVE-2023-3559 GZ Scripts PHP GZ Appointment Scheduling Script load.php cross site scripting
CVE-2023-3560 GZ Scripts Ticket Booking Script load.php cross site scripting
CVE-2023-3561 GZ Scripts PHP GZ Hotel Booking Script load.php cross site scripting
CVE-2023-3562 GZ Scripts PHP CRM Platform index.php cross site scripting
CVE-2023-3563 GZ Scripts GZ E Learning Platform URL Parameter cross site scripting
CVE-2023-3564 GZ Scripts GZ Multi Hotel Booking System index.php cross site scripting
CVE-2023-3565 Cross-site Scripting (XSS) - Generic in nilsteampassnet/teampass
E S
CVE-2023-3566 wallabag Profile Config config allocation of resources
E
CVE-2023-3567 Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
S
CVE-2023-3568 Open Redirect in alextselegidis/easyappointments
CVE-2023-3569 PHOENIX CONTACT: Denial-of-Service due to malicious XML files in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT
CVE-2023-3570 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
CVE-2023-3571 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
CVE-2023-3572 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
CVE-2023-3573 PHOENIX CONTACT: Command Injection in WP 6xxx Web panels
CVE-2023-3574 Improper Authorization in pimcore/customer-data-framework
E S
CVE-2023-3575 Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS
E
CVE-2023-3576 Libtiff: memory leak in tiffcrop.c
CVE-2023-3577 Limited blind SSRF to localhost/intranet in interactive dialog implementation
S
CVE-2023-3578 DedeCMS co_do.php server-side request forgery
E
CVE-2023-3579 HadSky User cross-site request forgery
E
CVE-2023-3580 Improper Handling of Additional Special Element in squidex/squidex
E S
CVE-2023-3581 WebSockets accept connections from HTTPS origin
S
CVE-2023-3582 Lack of channel membership check when linking a board to a channel
S
CVE-2023-3584 Member can create team with team override scheme
S
CVE-2023-3585 channel DoS by sharing a boards link
S
CVE-2023-3586 Disabling publicly-shared boards does not disable existing publicly available board links
S
CVE-2023-3587 Inconsistent state in UI after boards permission change by system admin
S
CVE-2023-3588 Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
CVE-2023-3589 Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
CVE-2023-3590 Deleted attachments in Boards remain accessible
S
CVE-2023-3591 Lack of previous password reset tokens on new token creation
S
CVE-2023-3592 In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will me...
CVE-2023-3593 Server crash via a specially crafted markdown input
S
CVE-2023-3595 Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
S
CVE-2023-3596 Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service
S
CVE-2023-3597 Keycloak: secondary factor bypass in step-up authentication
CVE-2023-3598 Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attac...
E
CVE-2023-3599 SourceCodester Best Fee Management System Add User admin_class.php save_user access control
E
CVE-2023-3600 During the worker lifecycle, a use-after-free condition could have occurred, which could have led to ...
CVE-2023-3601 Simple Author Box < 2.52 - Contributor+ Arbitrary User Information Disclosure via IDOR
E
CVE-2023-3603 Processing sftp server read may cause null dereference
M
CVE-2023-3604 Change WP Admin < 1.1.4 - Secret Login Page Disclosure
E
CVE-2023-3605 PHPGurukul Online Shopping Portal Registration Page excessive authentication
CVE-2023-3606 TamronOS ping os command injection
E
CVE-2023-3607 kodbox WebConsole Plug-In webconsole.php.txt Execute os command injection
E
CVE-2023-3608 Ruijie BCR810W Tracert Page os command injection
E
CVE-2023-3609 Use-after-free in Linux kernel's net/sched: cls_u32 component
S
CVE-2023-3610 Use-after-free in Linux kernel's netfilter: nf_tables component
S
CVE-2023-3611 Out-of-bounds write in Linux kernel's net/sched: sch_qfq component
S
CVE-2023-3612 Unprotected WebView access in Govee Home App
S
CVE-2023-3613 Guest accounts invited and added to channels by Welcomebot plugin
S
CVE-2023-3614 Denial of Service via specially crafted gif image
S
CVE-2023-3615 Lack of server certificate validation in websockets connection
S
CVE-2023-3616 SQLi in Mava Softwares Hotel Management System
CVE-2023-3617 SourceCodester Best POS Management System Login Page admin_class.php sql injection
E
CVE-2023-3618 Segmentation fault in fax3encode in libtiff/tif_fax3.c
CVE-2023-3619 SourceCodester AC Repair and Services System HTTP POST Request sql injection
CVE-2023-3620 Cross-site Scripting (XSS) - Stored in amauric/tarteaucitron.js
E S
CVE-2023-3621 IBOS OA Delete Packet delete createDeleteCommand sql injection
E
CVE-2023-3622 Access Control Bypass Vulnerability in the SolarWinds Platform
S
CVE-2023-3623 Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Duty Module UploadHandler.ashx unrestricted upload
E
CVE-2023-3624 Nesote Inout Blockchain FiatExchanger POST Parameter update_marketboxslider sql injection
CVE-2023-3625 Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Duty Write-UploadFile UploadFile.ashx unrestricted upload
E
CVE-2023-3626 Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System UpLoadFloodPlanFile UpLoadFloodPlanFile.ashx unrestricted upload
E
CVE-2023-3627 Cross-Site Request Forgery (CSRF) in salesagility/suitecrm-core
E S
CVE-2023-3628 Infinispan: rest bulk ops don't check permissions
CVE-2023-3629 Infinispan: non-admins should not be able to get cache config via rest api
CVE-2023-3631 SQLi in Medart Notification Panel
CVE-2023-3632 Hard-coded Cryptographic Key in Kunduz - Homework Helper App
CVE-2023-3633 Out of Bounds Memory Corruption Issue in CEVA Engine
S
CVE-2023-3635 Okio GzipSource unhandled exception Denial of Service
E S
CVE-2023-3636 The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to,...
S
CVE-2023-3637 Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)
CVE-2023-3638 GeoVision GV-ADR2701 Improper Authentication
S
CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space
M
CVE-2023-3641 khodakhah NodCMS POST Request blog-comment-4 cross site scripting
CVE-2023-3642 GZ Scripts Vacation Rental Website HTTP POST Request cross site scripting
CVE-2023-3643 Boss Mini document file inclusion
E
CVE-2023-3644 SourceCodester Service Provider Management System sql injection
CVE-2023-3645 Contact Form Builder by Bit Form < 2.2.0 - Admin+ Stored XSS
E
CVE-2023-3646 On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
E S
CVE-2023-3647 IURNY by INDIGITALL < 3.2.3 - Admin+ Stored XSS
E
CVE-2023-3648 Mismatched Memory Management Routines in Wireshark
S
CVE-2023-3649 Buffer Over-read in Wireshark
S
CVE-2023-3650 Bubble Menu < 3.0.5 - Admin+ Stored XSS
E
CVE-2023-3651 SQLi in Digital Ant E-Commerce Software
CVE-2023-3652 Reflected XSS in Digital Ant E-Commerce Software
CVE-2023-3653 Stored XSS in Digital Ant E-Commerce Software
CVE-2023-3654 Origin Check Bypass
CVE-2023-3655 Unauthenticated Remote Database Exfiltration
CVE-2023-3656 Unauthenticated Remote Code Execution
CVE-2023-3657 SourceCodester AC Repair and Services System HTTP POST Request sql injection
CVE-2023-3658 SourceCodester AC Repair and Services System HTTP POST Request sql injection
CVE-2023-3659 SourceCodester AC Repair and Services System cross site scripting
CVE-2023-3660 Campcodes Retro Cellphone Online Store add_user_modal.php cross site scripting
E
CVE-2023-3661 SourceCodester AC Repair and Services System sql injection
CVE-2023-3662 CODESYS: Vulnerability in CODESYS Development System allows for execution of binaries
M
CVE-2023-3663 CODESYS: Missing integrity check in CODESYS Development System
CVE-2023-3664 FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access
E
CVE-2023-3665 A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a loca...
CVE-2023-3667 Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-3668 Improper Encoding or Escaping of Output in froxlor/froxlor
E S
CVE-2023-3669 CODESYS: Missing Brute-Force protection in CODESYS Development System
CVE-2023-3670 Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting
CVE-2023-3671 MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS
E
CVE-2023-3672 Cross-site Scripting (XSS) - DOM in plaidweb/webmention.js
E S
CVE-2023-3673 SQL Injection in pimcore/pimcore
E S
CVE-2023-3674 Keylime: attestation failure when the quote's signature does not validate
S
CVE-2023-3675 Insufficient input validation when downloading certain file types.
CVE-2023-3676 Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
E S
CVE-2023-3677 The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the page...
S
CVE-2023-3678 SourceCodester AC Repair and Services System HTTP POST Request sql injection
CVE-2023-3679 SourceCodester Lost and Found Information System HTTP POST Request sql injection
CVE-2023-3680 SourceCodester Lost and Found Information System HTTP POST Request sql injection
CVE-2023-3681 Campcodes Retro Cellphone Online Store modal_add_product.php cross site scripting
E
CVE-2023-3682 Nesote Inout Blockchain EasyPayments POST Parameter getcoinaddress sql injection
CVE-2023-3683 LivelyWorks Articart search cross site scripting
CVE-2023-3684 LivelyWorks Articart Base64 Encoding de_DE redirect
CVE-2023-3685 Nesote Inout Search Engine AI Edition index.php cross site scripting
CVE-2023-3686 Bylancer QuickAI OpenAI GET Parameter blog sql injection
CVE-2023-3687 Bylancer QuickVCard GET Parameter blog sql injection
CVE-2023-3688 Bylancer QuickJob GET Parameter sql injection
CVE-2023-3689 Bylancer QuickQR GET Parameter blog sql injection
CVE-2023-3690 Bylancer QuickOrder GET Parameter blog sql injection
CVE-2023-3691 layui HTML Attribute cross site scripting
E S
CVE-2023-3692 Unrestricted Upload of File with Dangerous Type in admidio/admidio
E S
CVE-2023-3693 SourceCodester Life Insurance Management System login.php sql injection
E
CVE-2023-3694 SourceCodester/projectworlds House Rental and Property Listing index.php sql injection
E
CVE-2023-3695 Campcodes Beauty Salon Management System add-product.php sql injection
E
CVE-2023-3696 Prototype Pollution in automattic/mongoose
E S
CVE-2023-3697 A Command injection vulnerability was found on Printer service of ADM
CVE-2023-3698 A Command injection vulnerability was found on Printer service of ADM
CVE-2023-3699 An Improper Privilege Management vulnerability was found on the ADM
CVE-2023-3700 Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments
E S
CVE-2023-3701 Relative path traversal in Aqua eSolutions
S
CVE-2023-3703 Proscend Advice ICR Series routers fw version 1.76
S
CVE-2023-3704 Timestamp Modification Vulnerability in CP-Plus Digital Video Recorder
S
CVE-2023-3705 Information Disclosure Vulnerability in CP-Plus Network Video Recorder
S
CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure
E
CVE-2023-3707 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure
E
CVE-2023-3708 Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via bread...
S
CVE-2023-3709 The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure ...
S
CVE-2023-3710 Printer web page invalid command execution
CVE-2023-3711 Potential Predictable Session ID
CVE-2023-3712 Potential user privilege escalation
CVE-2023-3713 The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a mis...
S
CVE-2023-3714 The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a mis...
S
CVE-2023-3716 SQLi in Oduyo Online Collection Software
CVE-2023-3717 SQLi in Farmakoms Remote Administration Console
CVE-2023-3718 Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
M
CVE-2023-3720 Upload Media By URL < 1.0.8 - Stored XSS via CSRF
E
CVE-2023-3721 WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting
E
CVE-2023-3722 Avaya Aura Device Services Remote Code Execution
S
CVE-2023-3724 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension
S
CVE-2023-3725 Potential buffer overflow vulnerability in the Zephyr CANbus subsystem
E
CVE-2023-3726 OCSInventory-ocsreports 2.12.0 - Stored cross-site Scripting
E
CVE-2023-3727 Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potent...
E
CVE-2023-3728 Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potent...
E
CVE-2023-3729 Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote ...
E
CVE-2023-3730 Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who c...
E
CVE-2023-3731 Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attack...
E
CVE-2023-3732 Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacke...
CVE-2023-3733 Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a re...
E
CVE-2023-3734 Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a...
E
CVE-2023-3735 Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 a...
E
CVE-2023-3736 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allow...
E
CVE-2023-3737 Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remo...
E
CVE-2023-3738 Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote at...
CVE-2023-3739 Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.57...
E
CVE-2023-3740 Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed...
E
CVE-2023-3741 An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows a...
CVE-2023-3742 Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a...
E
CVE-2023-3743 SQL injection vulnerability in LeoTheme's Ap Page Builder
S
CVE-2023-3744 Server-Side Request Forgery in SLiMS
S
CVE-2023-3745 Imagemagick: heap-buffer-overflow in pushcharpixel() in quantum-private.h
E S
CVE-2023-3746 ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS
E
CVE-2023-3747 Insufficient Validation on Override Codes for Always-Enabled WARP Mode
CVE-2023-3748 Infinite loop in babld message parsing may cause dos
CVE-2023-3749 VideoEdge config
S
CVE-2023-3750 Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service
CVE-2023-3751 Super Store Finder POST Parameter index.php sql injection
CVE-2023-3752 Creativeitem Academy LMS courses cross site scripting
CVE-2023-3753 Creativeitem Mastery LMS browse cross site scripting
CVE-2023-3754 Creativeitem Ekushey Project Manager CRM xxxxxxxx[random-msg-hash] cross site scripting
CVE-2023-3755 Creativeitem Atlas Business Directory Listing filter_listings cross site scripting
CVE-2023-3756 Creativeitem Atlas Business Directory Listing search cross site scripting
CVE-2023-3757 GZ Scripts Car Rental Script cross site scripting
CVE-2023-3758 Sssd: race condition during authorization leads to gpo policies functioning inconsistently
M
CVE-2023-3759 Intergard SGS permission
E
CVE-2023-3760 Intergard SGS Change Password denial of service
E
CVE-2023-3761 Intergard SGS Password Change cleartext transmission
E
CVE-2023-3762 Intergard SGS sensitive information in memory
E
CVE-2023-3763 Intergard SGS SQL Query cleartext transmission
E
CVE-2023-3764 The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery...
S
CVE-2023-3765 Absolute Path Traversal in mlflow/mlflow
E S
CVE-2023-3766 Invalid Slice Split Results in Server Panic
S
CVE-2023-3767 OS command injection on EasyPHP Webserver
CVE-2023-3768 Vulnerability in Ingeteam's INGEPAC EF/DA
S
CVE-2023-3769 Vulnerability in Ingeteam's INGEPAC EF
S
CVE-2023-3770 Vulnerability in Ingeteam's INGEPAC DA
S
CVE-2023-3771 T1 theme <= 19.0 - Open Redirect
E
CVE-2023-3772 Kernel: xfrm: null pointer dereference in xfrm_update_ae_params()
CVE-2023-3773 Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr
CVE-2023-3774 Vault Enterprise Namespace Creation May Lead to Denial of Service
CVE-2023-3775 Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
CVE-2023-3776 Use-after-free in Linux kernel's net/sched: cls_fw component
S
CVE-2023-3777 Use-after-free in Linux kernel's netfilter: nf_tables component
S
CVE-2023-3779 The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key dis...
S
CVE-2023-3781 there is a possible use-after-free write due to improper locking. This could lead to local escalatio...
CVE-2023-3782 DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response
E
CVE-2023-3783 Webile HTTP POST Request cross site scripting
E
CVE-2023-3784 Dooblou WiFi File Explorer cross site scripting
E
CVE-2023-3785 PaulPrinting CMS cross site scripting
E
CVE-2023-3786 Aures Komet Kiosk Mode access control
E
CVE-2023-3787 Codecanyon Tiva Events Calender cross site scripting
E
CVE-2023-3788 ActiveITzone Active Super Shop CMS Manage Details Page cross site scripting
E
CVE-2023-3789 PaulPrinting CMS Search delivery cross site scripting
E
CVE-2023-3790 Boom CMS assets-manager add cross site scripting
E
CVE-2023-3791 IBOS OA Personal Office Address Book export actionExport sql injection
E
CVE-2023-3792 Beijing Netcon NS-ASG test_status.php direct request
E
CVE-2023-3793 Weaver e-cology HTTP POST Request filelFileDownloadForOutDoc.class sql injection
CVE-2023-3794 Bug Finder ChainCity Real Estate Investment Platform New Ticket create cross site scripting
CVE-2023-3795 Bug Finder ChainCity Real Estate Investment Platform GET Parameter property sql injection
CVE-2023-3796 Bug Finder Foody Friend Profile Picture profile unrestricted upload
CVE-2023-3797 Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System UploadFloodPlanFileUpdate.ashx unrestricted upload
E
CVE-2023-3798 Chengdu Flash Flood Disaster Monitoring and Warning System upload.aspx unrestricted upload
E
CVE-2023-3799 IBOS OA Delete Category del sql injection
E
CVE-2023-3800 EasyAdmin8 File Upload Module index.html unrestricted upload
E
CVE-2023-3801 IBOS OA Mobile Notification edit actionEdit sql injection
E
CVE-2023-3802 Chengdu Flash Flood Disaster Monitoring and Warning System Ajaxfileupload.ashx unrestricted upload
E
CVE-2023-3803 Chengdu Flash Flood Disaster Monitoring and Warning System File Name ImageStationDataService.asmx random values
E
CVE-2023-3804 Chengdu Flash Flood Disaster Monitoring and Warning System FileHandler.ashx unrestricted upload
E
CVE-2023-3805 Xiamen Four Letter Video Surveillance Management System Login UserInfoAction.class improper authorization
E
CVE-2023-3806 SourceCodester House Rental and Property Listing System btn_functions.php unrestricted upload
E
CVE-2023-3807 Campcodes Beauty Salon Management System edit_product.php sql injection
E
CVE-2023-3808 Hospital Management System patientforgotpassword.php sql injection
E
CVE-2023-3809 Hospital Management System patient.php sql injection
E
CVE-2023-3810 Hospital Management System patientappointment.php sql injection
E
CVE-2023-3811 Hospital Management System patientprofile.php sql injection
E
CVE-2023-3812 Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
S
CVE-2023-3813 The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to,...
E
CVE-2023-3814 Advanced File Manager < 5.1.1 - Admin+ Arbitrary File/Folder Access
E
CVE-2023-3815 y_project RuoYi File Upload uploadFilesPath cross site scripting
E
CVE-2023-3817 Excessive time spent checking DH q parameter value
S
CVE-2023-3819 Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore
E S
CVE-2023-3820 SQL Injection in pimcore/pimcore
E S
CVE-2023-3821 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
E S
CVE-2023-3822 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
E S
CVE-2023-3823 Security issue with external entity loading in XML without enabling it
E M
CVE-2023-3824 Buffer overflow and overread in phar_dir_read()
E
CVE-2023-3825 PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defin...
CVE-2023-3826 IBOS OA Interview edit&op=status sql injection
E
CVE-2023-3827 Bug Finder Listplace Directory Listing Platform HTTP POST Request create cross site scripting
CVE-2023-3828 Bug Finder Listplace Directory Listing Platform Photo coverPhotoUpdate cross site scripting
CVE-2023-3829 Bug Finder ICOGenie Support Ticket create cross site scripting
CVE-2023-3830 Bug Finder SASS BILLER store cross site scripting
CVE-2023-3831 Bug Finder Finounce Ticket create cross site scripting
CVE-2023-3832 Bug Finder Wedding Wonders Ticket create cross site scripting
CVE-2023-3833 Bug Finder Montage Ticket create cross site scripting
CVE-2023-3834 Bug Finder EX-RATE Ticket create cross site scripting
CVE-2023-3835 Bug Finder MineStack Ticket create cross site scripting
CVE-2023-3836 Dahua Smart Park Management unrestricted upload
E
CVE-2023-3837 DedeBIZ sys_sql_query.php cross site scripting
E
CVE-2023-3838 DedeBIZ vote_edit.php cross site scripting
E
CVE-2023-3839 DedeBIZ sys_sql_query.php sql injection
E
CVE-2023-3840 NxFilter cross site scripting
CVE-2023-3841 NxFilter user.jsp cross-site request forgery
CVE-2023-3842 Pointware EasyInventory Easy2W.exe unquoted search path
CVE-2023-3843 mooSocial mooDating URL question cross site scripting
E
CVE-2023-3844 mooSocial mooDating URL friends cross site scripting
E
CVE-2023-3845 mooSocial mooDating URL ajax_invite cross site scripting
E
CVE-2023-3846 mooSocial mooDating URL pages cross site scripting
E
CVE-2023-3847 mooSocial mooDating URL users cross site scripting
E
CVE-2023-3848 mooSocial mooDating URL view cross site scripting
E
CVE-2023-3849 mooSocial mooDating URL find-a-match cross site scripting
E
CVE-2023-3850 SourceCodester Lost and Found Information System HTTP POST Request sql injection
CVE-2023-3852 OpenRapid RapidCMS upload.php unrestricted upload
E S
CVE-2023-3853 phpscriptpoint BloodBank page.php cross site scripting
CVE-2023-3854 phpscriptpoint BloodBank POST Parameter search sql injection
CVE-2023-3855 phpscriptpoint JobSeeker search-result.php cross site scripting
CVE-2023-3856 phpscriptpoint Ecommerce blog-single.php cross site scripting
CVE-2023-3857 phpscriptpoint Ecommerce product.php cross site scripting
CVE-2023-3858 phpscriptpoint Car Listing search.php cross site scripting
CVE-2023-3859 phpscriptpoint Car Listing GET Parameter search.php sql injection
CVE-2023-3860 phpscriptpoint Insurance page.php cross site scripting
CVE-2023-3861 phpscriptpoint Insurance search.php cross site scripting
CVE-2023-3862 Travelmate Travelable Trek Management Solution Comment Box cross site scripting
CVE-2023-3863 Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c
S
CVE-2023-3864 SQL injection vulnerability in Snow License Manager
S
CVE-2023-3869 The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missin...
CVE-2023-3870 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3871 Campcodes Beauty Salon Management System edit_category.php sql injection
E
CVE-2023-3872 Campcodes Beauty Salon Management System edit-services.php sql injection
E
CVE-2023-3873 Campcodes Beauty Salon Management System index.php sql injection
E
CVE-2023-3874 Campcodes Beauty Salon Management System admin-profile.php sql injection
E
CVE-2023-3875 Campcodes Beauty Salon Management System del_feedback.php sql injection
E
CVE-2023-3876 Campcodes Beauty Salon Management System search-appointment.php sql injection
E
CVE-2023-3877 Campcodes Beauty Salon Management System add-services.php sql injection
E
CVE-2023-3878 Campcodes Beauty Salon Management System about-us.php sql injection
E
CVE-2023-3879 Campcodes Beauty Salon Management System del_category.php sql injection
E
CVE-2023-3880 Campcodes Beauty Salon Management System del_service.php sql injection
E
CVE-2023-3881 Campcodes Beauty Salon Management System forgot-password.php sql injection
E
CVE-2023-3882 Campcodes Beauty Salon Management System edit-accepted-appointment.php sql injection
E
CVE-2023-3883 Campcodes Beauty Salon Management System add-category.php cross site scripting
E
CVE-2023-3884 Campcodes Beauty Salon Management System edit_product.php cross site scripting
E
CVE-2023-3885 Campcodes Beauty Salon Management System edit_category.php cross site scripting
E
CVE-2023-3886 Campcodes Beauty Salon Management System invoice.php cross site scripting
E
CVE-2023-3887 Campcodes Beauty Salon Management System search-appointment.php cross site scripting
E
CVE-2023-3888 Campcodes Beauty Salon Management System admin-profile.php cross site scripting
E
CVE-2023-3889 Mali GPU Kernel Driver exposes sensitive data from freed memory
CVE-2023-3890 Campcodes Beauty Salon Management System edit-accepted-appointment.php cross site scripting
E
CVE-2023-3891 Lapce v0.2.8 - Privilege escalation via Race Condition
E
CVE-2023-3892 Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE
CVE-2023-3893 Kubernetes - csi-proxy - Insufficient input sanitization leads to privilege escalation
CVE-2023-3894 DOS in jackson-dataformats-text
S
CVE-2023-3896 A divide by zero issue existed in vim of OpenCloudOS Stream
E S
CVE-2023-3897 Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page
S
CVE-2023-3898 SQLi in mAyaNets E-Commerce Software
CVE-2023-3899 Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
M
CVE-2023-3900 Improper Validation of Specified Type of Input in GitLab
E S
CVE-2023-3904 Improper Validation of Specified Type of Input in GitLab
E S
CVE-2023-3906 Improper Validation of Specified Type of Input in GitLab
E S
CVE-2023-3907 Improper User Management in GitLab
E S
CVE-2023-3908 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3909 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-3911 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3913 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3914 Incorrect User Management in GitLab
E S
CVE-2023-3915 Incorrect Execution-Assigned Permissions in GitLab
E S
CVE-2023-3917 Improper Validation of Specified Type of Input in GitLab
E S
CVE-2023-3919 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3920 Incorrect Authorization in GitLab
E S
CVE-2023-3922 URL Redirection to Untrusted Site ('Open Redirect') in GitLab
E S
CVE-2023-3928 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3929 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3930 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3932 Incorrect User Management in GitLab
E S
CVE-2023-3933 The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype p...
CVE-2023-3934 Rejected reason: Please discard this CVE, we are not using this anymore. The vulnerability turned ou...
R
CVE-2023-3935 Wibu: Buffer Overflow in CodeMeter Runtime
CVE-2023-3936 Blog2Social < 7.2.1 - Reflected XSS
E
CVE-2023-3937 Cross site scripting vulnerabilities in Snow License Manager
S
CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code
CVE-2023-3939 Multiple command injection in ZkTeco-based OEM devices
CVE-2023-3940 Multiple arbitrary file reads in ZkTeco-based OEM devices
CVE-2023-3941 Multiple arbitrary file writes in ZkTeco-based OEM devices
CVE-2023-3942 Multiple SQLi in ZkTeco-based OEM devices
CVE-2023-3943 Multiple buffer overflow in ZkTeco-based OEM devices
CVE-2023-3944 phpscriptpoint Lawyer page.php cross site scripting
CVE-2023-3945 phpscriptpoint Lawyer search.php cross site scripting
CVE-2023-3946 A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remo...
CVE-2023-3947 The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposur...
S
CVE-2023-3949 Insertion of Sensitive Information Into Sent Data in GitLab
E S
CVE-2023-3950 Cleartext Storage of Sensitive Information in GitLab
E S
CVE-2023-3953 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability ex...
CVE-2023-3954 MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS
E
CVE-2023-3955 Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation
E S
CVE-2023-3956 The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification ...
S
CVE-2023-3957 The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data ...
S
CVE-2023-3958 The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the '...
S
CVE-2023-3959 Zavio IP Camera Stack-Based Buffer Overflow
M
CVE-2023-3961 Samba: smbd allows client access to unix domain sockets on the file system as root
E M
CVE-2023-3962 The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollut...
CVE-2023-3963 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2023-3964 Incorrect Authorization in GitLab
E S
CVE-2023-3965 The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution ...
CVE-2023-3966 Openvswitch: ovs-vswitch fails to recover after malformed geneve metadata packet
CVE-2023-3967 DoS Vulnerability in Hitachi Ops Center Common Services
CVE-2023-3969 GZ Scripts Availability Booking Calendar PHP HTTP POST Request index.php cross site scripting
E
CVE-2023-3970 GZ Scripts Availability Booking Calendar PHP Image cross site scripting
E
CVE-2023-3971 Controller: html injection in custom login info
CVE-2023-3972 Insights-client: unsafe handling of temporary files and directories
S
CVE-2023-3973 Cross-site Scripting (XSS) - Reflected in jgraph/drawio
S
CVE-2023-3974 OS Command Injection in jgraph/drawio
S
CVE-2023-3975 OS Command Injection in jgraph/drawio
E S
CVE-2023-3977 Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized...
E S
CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html
S
CVE-2023-3979 Incorrect Authorization in GitLab
E S
CVE-2023-3980 Cross-site Scripting (XSS) - Stored in omeka/omeka-s
E S
CVE-2023-3981 Server-Side Request Forgery (SSRF) in omeka/omeka-s
E S
CVE-2023-3982 Cross-site Scripting (XSS) - Stored in omeka/omeka-s
E S
CVE-2023-3983 An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 buil...
E
CVE-2023-3984 phpscriptpoint RecipePoint recipe-result sql injection
CVE-2023-3985 SourceCodester Online Jewelry Store login.php sql injection
E
CVE-2023-3986 SourceCodester Simple Online Mens Salon Management System cross site scripting
E
CVE-2023-3987 SourceCodester Simple Online Mens Salon Management System sql injection
E
CVE-2023-3988 Cafe Billing System Order index.php sql injection
E
CVE-2023-3989 SourceCodester Jewelry Store System add_customer.php cross site scripting
E
CVE-2023-3990 Mingsoft MCMS HTTP POST Request search.do cross site scripting
E
CVE-2023-3991 OS command injection vulnerability in FreshTomato 2023.3
CVE-2023-3992 PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting
E
CVE-2023-3993 Insertion of Sensitive Information into Log File in GitLab
S
CVE-2023-3994 Inefficient Regular Expression Complexity in GitLab
E S
CVE-2023-3995 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i...
R
CVE-2023-3996 The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
S
CVE-2023-3997 Unauthenticated Log Injection In Splunk SOAR
CVE-2023-3998 The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missin...
CVE-2023-3999 The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to ...
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.